Method and apparatus for sharing licenses between secure removable media

ABSTRACT

A method and an apparatus for sharing a license between SRMs are disclosed. The method includes: a DRM agent obtains the license from a first SRM, and sets the license to a forwarding state locally; the DRM agent deducts one right of sharing the license; and the DRM agent sends the license to a second SRM. In the prior art, one moving right is deducted when the license moves from SRM1 to the device, and the other moving right is deducted when the license moves from the device to SRM2. By contrast, in the technical solution under the present invention, the license forwarded by the DRM agent is set to the forwarding state, and only one sharing right needs to be deducted, and therefore, the consumption of the sharing rights is reduced and the subscriber's rights are protected.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of International Application No. PCT/CN2009/071721, filed on May 11, 2009, which claims priority to Chinese Patent Application No. 200810134766.3, filed on Jul. 29, 2008, both of which are hereby incorporated by reference in their entireties.

FIELD OF THE INVENTION

The present invention relates to Digital Rights Management (DRM) technologies, and in particular, to a method and an apparatus for sharing licenses between Secure Removable Media (SRM).

BACKGROUND

In order to protect legal rights of the content owner, the DRM manages use of digital contents through a content protection and rights control solution.

A typical DRM solution includes: A Content Issuer (CI) uses a Content Encryption Key (CEK) to encrypt digital contents and encapsulate them into a DRM Content Format (DCF), distributes them to the devices, and sends the content identifier of the digital contents and the corresponding CEK to the Rights Issuer (RI). The RI generates a license corresponding to the digital contents, and sends the license to a DRM agent in the device. The license includes the CEK, and the rights and limitations of using the contents. The rights include execution, playing, and moving; and the limitations include use count, accumulated time, and validity period. After obtaining the DCF and the license, the DRM agent obtains the CEK through decryption, obtains the contents through decryption, and uses the digital contents according to the rights specified in the license.

The SRM is a kind of removable medium that protects internal data against unauthorized access. With the SRM storing and moving the DCF and the license, the storage space is expanded, and the license is movable.

In certain scenarios, the subscriber expects to present the license to others or replace the SRM, which involves moving or copying of the license from one SRM to another SRM. With the popularization of multi-card-in-one-phone, subscribers have more requirements of sharing licenses between SRM cards.

The SRM standard of the Open Mobile Alliance gives protocols for moving a license from a device to an SRM, and moving a license from an SRM to a device. The SRM agent is an entity for performing DRM-related functions in the SRM.

The prior art provides a solution to moving a license from a DRM agent to an SRM, and a solution to moving a license from an SRM to a DRM agent. In both of the solutions, the sharing rights are deducted after every moving operation. If a license needs to be moved from SRM1 to SRM2, the license needs to be moved from SRM1 to the DRM agent first, and then from the DRM agent to SRM2, which involves at least two deductions of the sharing rights. In the process of developing the present invention, the inventor finds that the moving of a license in the prior art involves multiple deductions of rights, which is a waste of rights to the subscriber.

SUMMARY

The embodiments of the present invention provide a method and an apparatus for sharing a license between SRMs to overcome unnecessary consumption of sharing rights.

The embodiments of the present invention are based on the following technical solution:

A method for sharing a license between SRMs includes:

obtaining, by a DRM agent, the license from a first SRM, and setting the license to a forwarding state locally; deducting one right of sharing the license; and sending the license to a second SRM.

A method for sharing a license includes:

triggering, by a DRM agent, a first SRM and a second SRM to negotiate a shared key;

encrypting, by the first SRM, partial or complete information of the license by using the shared key; and

sending the license to the second SRM.

A method for sharing a license includes:

sending, by a first DRM agent, the license to an RI after obtaining the license from a first SRM; and

obtaining, by the second DRM agent, the license from the RI, and sending the license to a second SRM.

A method for sharing a license includes:

sending, by a DRM agent, the license obtained from a first SRM to a second SRM after determining that the first SRM and the second SRM belong to the same subscriber.

An apparatus for sharing a license includes:

an obtaining unit, configured to obtain the license from a first SRM;

a forwarding setting unit, configured to set the obtained license to a forwarding state;

a sending unit, configured to send the obtained license to a second SRM; and

a controlling unit, configured to deduct one right of sharing the license.

An apparatus for sharing a license includes:

an SRM interacting unit, configured to trigger a first SRM and a second SRM to perform key negotiation; and

a forwarding unit, configured to forward the license of the first SRM to the second SRM.

An apparatus for sharing a license between a first SRM and a second SRM is located in the first SRM, and includes:

a key negotiating unit, configured to perform key negotiation with the second SRM;

a processing unit, configured to encrypt partial information or complete information of the license by using a shared key negotiated with the second SRM; and

a sending unit, configured to send the license to the second SRM.

An apparatus for sharing a license is located in a second SRM and includes:

a key negotiating unit, configured to perform key negotiation with a first SRM;

a receiving unit, configured to receive the license sent by the first SRM; and

a rights deducting unit, configured to deduct one operation right after the receiving unit receives a correct license.

An apparatus for sharing a license includes:

an obtaining unit, configured to obtain the license of a first SRM from a first DRM agent; and

a sending unit, configured to: send the license to a second DRM agent, and submit the license to a second SRM through the second DRM agent.

An apparatus for sharing a license includes:

a determining unit, configured to determine whether a first SRM and a second SRM belong to the same subscriber;

an obtaining unit, configured to obtain the license from the first SRM if the determining unit determines that the first SRM and the second SRM belong to the same subscriber; and

an executing unit, configured to send the license to the second SRM.

In the prior art, one moving right is deducted when the license moves from SRM1 to the device, and the other moving right is deducted when the license moves from the device to SRM2. By contrast, in the embodiments of the present invention, the license forwarded by the DRM agent is set to the forwarding state, and only one moving right needs to be deducted, and therefore, the consumption of the moving rights is reduced and the subscriber's rights are protected.

In another embodiment of the present invention, the rights in SRM1 are deleted only if SRM2 determines that it is capable of installing the rights. In the case that SRM2 is incapable of installing the rights, the DRM agent can recover the original rights on SRM1 easily by recovering the available state of the rights.

In another embodiment of the present invention, a Secure Authenticated Channel (SAC) is set between SRM1 and SRM2, the SAC moves the license, and a DRM agent is responsible only for forwarding the license. Because the forwarded rights are encrypted through the key negotiated between SRM1 and SRM2, the DRM agent is unable to execute operations for the rights. Therefore, the security of the rights is improved.

In another embodiment of the present invention, because an RI submits the rights to SRM2, it is not necessary to consume the moving rights or the copying rights. Therefore, the fourth embodiment is also applicable to sharing of the license between SRMs of the same subscriber.

In other embodiments of the present invention, a license is shared between the SRMs that belong to the same subscriber. The DRM agent queries the RI about the subscriber to whom the SRM belongs. If the RI is unaware of the subscriber to whom the SRM belongs, the DRM agent may need to query another entity such as subscriber manage server about the subscriber to whom the SRM belongs. Alternatively, the DRM agent queries the entity that manages the relations between the SRM and the subscriber (such as subscriber manage server) directly about the subscriber to whom the SRM belongs. In this case, because the license is shared between the SRMs that belong to the same subscriber, no sharing rights need to be deducted, and the subscriber's resources are saved.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flowchart of a method for sharing a license between SRMs according to the first embodiment of the present invention;

FIG. 2 is a flowchart of a method for sharing a license between SRMs according to the second embodiment of the present invention;

FIG. 3 is a flowchart of a method for sharing a license between SRMs according to the third embodiment of the present invention;

FIG. 4 is a flowchart of negotiating a shared key between SRMs shown in FIG. 3 according to an embodiment of the present invention;

FIG. 5 is a flowchart of a method for sharing a license between SRMs according to the fourth embodiment of the present invention;

FIG. 6 is a flowchart of a method for sharing a license between SRMs of the same subscriber according to the fifth embodiment of the present invention;

FIG. 7 is a flowchart of a method for sharing a license between SRMs of the same subscriber according to the sixth embodiment of the present invention;

FIG. 8 shows a structure of a first apparatus on a DRM agent according to an embodiment of the present invention;

FIG. 9 shows a structure of a second apparatus on a DRM agent according to an embodiment of the present invention;

FIG. 10 shows a structure of a third apparatus on a first SRM according to an embodiment of the present invention;

FIG. 11 shows a structure of a fourth apparatus on a second SRM according to an embodiment of the present invention;

FIG. 12 shows a structure of a fifth apparatus on an RI or subscriber manager according to an embodiment of the present invention; and

FIG. 13 shows a structure of a sixth apparatus on a DRM agent according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The embodiments of the present invention provide a solution to sharing a license between SRMs. Only one sharing right is consumed when the license in SRM1 is shared with SRM2 through a DRM agent or RI.

The license sharing mentioned above includes moving and copying of the license. The following method embodiments primarily take the moving operation as an example.

The embodiments of the method for sharing a license between SRMs are elaborated below.

Overall, the method in the first embodiment and the method in the second embodiment include the following steps:

A DRM agent obtains the license from a first SRM, and sets the license to a forwarding state locally;

the DRM agent deducts one right of sharing the license; and

the DRM agent sends the license to a second SRM.

Sharing of a license refers to copying or moving of the license, and sharing of rights refers to copying or moving of the rights.

When sharing of a license refers to moving of the license, the following step needs to be performed additionally: The DRM agent triggers the first SRM to delete the license.

The first embodiment differs from the second embodiment in the time of performing the steps. In the first embodiment, the DRM agent triggers the first SRM to delete the license after the DRM agent sets the obtained license to a forwarding state; in the second embodiment, the DRM agent triggers the first SRM to delete the license after the DRM agent determines that the license is received by the second SRM.

First of all, the first embodiment is described below.

FIG. 1 is a flowchart of a method for sharing a license between SRM1 and SRM2 in the first embodiment of the present invention. The method includes the following steps:

S101: The DRM agent and SRM agent 1 authenticate each other, and a Secure Authenticated Channel (SAC) is set up between them. In the authentication process, the license is exchanged between DRM agent and SRM agent 1, and is checked for validity. A random number is exchanged between them, and a communication key is generated according to the random number. The communication keys include an encryption key and an integrity protection key.

The method of setting up a SAC between the DRM agent and the SRM agent is covered in the prior art, and is not detailed here any further.

S102-S103: The DRM agent initiates a process of moving the rights on SRM1 to SRM2 directly. This operation may be triggered by interaction between the subscriber and the DRM agent. The DRM agent obtains the rights information and the REK from SRM1, which is covered in the prior art.

S104: The DRM agent authenticates the rights information and the moving rights, and deducts the moving rights after the authentication succeeds, which is covered in the prior art. The deduction of the moving rights may be: deducting one from the remaining moving rights in the state information corresponding to the rights, or adding one to the consumed moving rights in the state information corresponding to the rights. Once the rights are set to a forwarding state on the device, it means that the rights need to be moved to another SRM and are not available to the DRM agent for consuming contents. In this case, if the DRM agent knows that the rights will be moved to SRM2, the DRM agent may specify the SRM2 identifier.

S105-S106: The DRM agent instructs SRM agent 1 to delete the rights, which is covered in the prior art.

S107-S108: The DRM agent checks whether SRM2 has enough space for installing the rights, which is covered in the prior art.

Before S107, the DRM agent and SRM agent 2 authenticate each other, and a SAC is set up between them. This step is S107a in FIG. 1. If the DRM agent can interact with two SRM agents simultaneously, S107a may occur at any time before S107.

If the DRM agent cannot interact with two SRM agents simultaneously, before S107, the DRM agent may be disconnected from SRM1 first, and then get connected with SRM2 to perform subsequent steps. The subscriber may operate the device to trigger the implementation of the subsequent steps. Specifically, the rights may be saved as a file of a special format in the device. The subscriber browses and determines that the rights are in the forwarding state, and chooses to move the file to another SRM to complete the forwarding. Alternatively, the device indicates the rights information to the subscriber, and the subscriber chooses whether to continue with the moving. Alternatively, the device performs the operation automatically according to the identifier of the destination device correlated with the rights. For example, when getting connected to SRM2, the device searches for local rights which are in the forwarding state and correlated with SRM2 as a destination device, and performs the steps after S107 automatically.

S109-S110: The DRM agent sends a rights installation request message to SRM agent 2. The rights installation request message carries a handle, a REK, a list of hash values of the content identifier, and rights information. SRM2 installs the rights and returns a response, without deducting the moving rights for a second time. Therefore, the number of times of deducting the moving rights is reduced.

S111: If SRM2 installs the rights successfully, the DRM agent deletes the local rights.

Optionally, the moving rights are not deducted in S104, but are deducted on the device after the rights are installed onto SRM2.

Besides, after S106, the device may retain the record of the source SRM that forwards the rights, namely, record of SRM1. In this way, if the process of installing the rights onto SRM2 fails, for example, due to deficient space of SRM2, the rights can be recovered to SRM1, and the subscriber's rights are protected.

The first embodiment deals with the license sharing method by taking license moving as an example. As mentioned above, license sharing still includes license copying. The process of copying a license in SRM1 to SRM2 is similar to FIG. 1, but differs in that the copying rights are consumed in the copying process: The DRM agent deducts one right of copying the license on SRM1, and the license sent by the DRM agent to SRM2 does not include copying right. Alternatively, the DRM agent deducts one right of copying the license sent to SRM2, and deducts all rights of copying the license on SRM1. SRM1 does not need to delete the license.

In the prior art, one sharing right is deducted when the license moves from SRM1 to the device, and the other sharing right is deducted when the license moves from the device to SRM2.

By contrast, in this embodiment of the present invention, the rights forwarded by the DRM agent are set to the forwarding state, and only one moving right needs to be deducted, and therefore, the consumption of the moving rights is reduced and the subscriber's rights are protected.

Described below is a second embodiment of the method for sharing a license between SRMs.

In S107-S108 of FIG. 1 in the first embodiment, if the process of installing the rights onto SRM2 fails, the rights are recovered to SRM1, which is rather complicated. A simpler solution is to make sure that SRM2 has enough space for installing the rights and then delete the rights on SRM1.

As shown in FIG. 2, the process of the second embodiment includes the following steps:

S201: The DRM agent, SRM agent 1, and SRM agent 2 authenticate each other, and a SAC is set up between them. The mutual authentication between the DRM agent and SRM agent 2 may occur at any time before S205.

S202-S203: The DRM agent initiates a process of moving the rights on SRM1 to SRM2 directly. This operation may be triggered by interaction between the subscriber and the DRM agent.

The DRM agent obtains the rights information and the REK from SRM1.

S204: The DRM agent authenticates the rights information and the moving rights, and deducts the moving rights after the authentication succeeds. The operation of deducting the moving rights may be performed after S206.

S205-S206: The DRM agent checks whether SRM2 has enough space for installing the rights.

S207-S208: The DRM agent sends a rights installation request message to SRM agent 2. The rights installation request message carries a handle, a REK, a list of hash values of the content identifier, and rights information. SRM2 installs the rights and returns a response. If SRM2 installs the rights successfully, the DRM agent deletes the local rights.

S209-S210: If SRM2 installs the rights successfully, the DRM agent instructs SRM agent 1 to delete the rights.

S209-S210 may occur after S206.

If the process of installing the rights onto SRM2 fails, for example, due to deficient space of SRM2, the DRM agent may cancel the moving operation, and recover the original rights on SRM1. If the DRM agent is disconnected from an SRM, the DRM agent may keep a disconnection log. The disconnection log includes: operation type, current state, license identifier, SRM1 identifier, handle 1 on SRM1 corresponding to the license, SRM2 identifier, and handle 2 on SRM2 corresponding to the license on SRM2. At the next attempt of connection, the license is recovered according to the information in the disconnection log: The DRM agent continues sending the license to SRM2 to complete the operation; or cancels the operation and recovers the license to SRM1.

In order to improve the security of the REK to some extent, the DRM agent may submit the public key or license of SRM2 to SRM agent 1. SRM agent 1 uses the public key of SRM2 to encrypt the REK, and transmits the REK to SRM2 through the DRM agent.

Evidently, the second embodiment differs from the first embodiment in that: The rights in SRM1 are deleted only if SRM2 determines that it is capable of installing the rights. In the case that SRM2 is incapable of installing the rights, the DRM agent can recover the original rights on SRM1 easily by recovering the available state of the rights.
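The move flow of the second embodiment (S202-S210) and its disconnection log can be modelled as a small state machine. The following Python sketch is an added illustration, not code from the patent; the class names, the slot-based capacity check, and the log state values ("fetched", "cancelled", "done") are assumptions made for the example.

```python
from dataclasses import dataclass, field, replace
from enum import Enum


class State(Enum):
    AVAILABLE = "available"
    FORWARDING = "forwarding"  # held for relay only; not usable for consuming content


@dataclass
class License:
    license_id: str
    moves_left: int
    state: State = State.AVAILABLE


@dataclass
class SRM:
    srm_id: str
    capacity: int                              # assumed: capacity counted in license slots
    store: dict = field(default_factory=dict)  # handle -> License

    def has_space(self):
        return len(self.store) < self.capacity

    def install(self, handle, lic):
        if not self.has_space():
            raise OSError(f"{self.srm_id}: no space to install rights")
        self.store[handle] = lic


class DRMAgent:
    def __init__(self):
        self.forwarding = {}  # license_id -> License parked in forwarding state
        self.log = {}         # license_id -> disconnection-log entry

    def can_consume(self, license_id):
        lic = self.forwarding.get(license_id)
        return lic is not None and lic.state is State.AVAILABLE

    def begin_move(self, src, handle1, dst_id, handle2):
        """S202-S204: fetch the rights, deduct ONE moving right, park the copy."""
        lic = src.store[handle1]
        if lic.moves_left < 1:
            raise PermissionError("no moving right left")
        fwd = replace(lic, moves_left=lic.moves_left - 1, state=State.FORWARDING)
        self.forwarding[lic.license_id] = fwd
        # Fields follow the disconnection log listed in the text; values are constructed.
        self.log[lic.license_id] = {
            "operation": "move", "state": "fetched", "license": lic.license_id,
            "srm1": src.srm_id, "handle1": handle1,
            "srm2": dst_id, "handle2": handle2,
        }
        return fwd

    def complete_move(self, src, dst, license_id):
        """S205-S210: install on SRM2 without a second deduction, then delete on SRM1.

        Can also be called on a later connection, driven by the log entry.
        """
        entry = self.log[license_id]
        fwd = self.forwarding[license_id]
        if not dst.has_space():
            # Cancel: SRM1 still holds the original rights with the undeducted count.
            del self.forwarding[license_id]
            entry["state"] = "cancelled"
            return False
        dst.install(entry["handle2"], replace(fwd, state=State.AVAILABLE))
        del src.store[entry["handle1"]]   # SRM1 deletes only after SRM2 has installed
        del self.forwarding[license_id]
        entry["state"] = "done"
        return True


if __name__ == "__main__":
    srm1 = SRM("SRM1", capacity=4, store={"h1": License("lic-001", moves_left=3)})
    srm2 = SRM("SRM2", capacity=1)
    agent = DRMAgent()
    agent.begin_move(srm1, "h1", "SRM2", "h2")
    print("usable while forwarding:", agent.can_consume("lic-001"))
    print("moved:", agent.complete_move(srm1, srm2, "lic-001"))
    print("moving rights on SRM2:", srm2.store["h2"].moves_left)
```
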

Described below is a third embodiment of the method for sharing a license between SRMs.

In the third embodiment, with assistance of the DRM agent, a SAC is set up between SRM1 and SRM2, and the license is shared through a SAC key. The third embodiment still takes license moving as an example, and the scenario of copying a license is similar.

Overall, the third embodiment includes the following steps:

A DRM agent triggers a first SRM and a second SRM to negotiate a shared key;

the first SRM encrypts partial or complete information of the license by using the shared key; and

the first SRM sends the license to the second SRM.

The third embodiment is elaborated below with reference to FIG. 3.

As shown in FIG. 3, the process of the third embodiment includes the following steps:

S301: The DRM agent, SRM agent 1, and SRM agent 2 exchange the supported trust anchor with each other.

S302: The DRM agent triggers authentication of SRM agent 1 and SRM agent 2. The authentication trigger message carries the selected trust anchor. The DRM agent may select the trust anchor according to the rights to be moved. Optionally, the authentication trigger message may further carry an SRM2 identifier. To trigger this step, the subscriber may choose to move the rights between the two SRMs.

S303: SRM agent 1 sends an authentication request to SRM agent 2. The authentication request carries a trust anchor, an SRM1 certificate chain, and the algorithm supported by SRM agent 1. If direct communication is enabled between SRM agent 1 and SRM agent 2, the message does not need to pass through the DRM agent; otherwise, all messages need to be forwarded by the DRM agent.

S304: SRM agent 2 returns an authentication response to SRM agent 1. The authentication response carries an SRM agent 2 certificate chain, the algorithm selected by SRM2, and random number 1 (RN1) for generating a key. RN1 needs to be transmitted after being encrypted through a public key of SRM2.

S305: SRM agent 1 sends a key exchange request to SRM agent 2. The key exchange request carries random number 2 (RN2) for generating a key. RN2 needs to be transmitted after being encrypted through a public key of SRM1.

S306: SRM agent 2 returns a key exchange response to SRM agent 1. The key exchange response may carry the hash value of the connection value of RN1 and RN2 for confirming the random number. By now, SRM1 and SRM2 have obtained RN1 and RN2, and use RN1 and RN2 respectively to generate a session key and a Media Access Control (MAC) key.

S307: The DRM agent triggers SRM agent 1 to move rights to SRM2. The moving trigger message may carry a handle or a license identifier on the SRM1, wherein the handle or license identifier on the SRM1 corresponds to the right.

S308: SRM agent 1 sends an initial moving request to SRM agent 2. The initial moving request carries size of the rights, and optionally, carries a handle on the SRM2 corresponding to the rights.

S309: SRM agent 2 checks whether enough space is available for installing the rights locally. If a handle is sent by SRM agent 1 in S308, SRM agent 2 needs to check whether the handle sent by SRM agent 1 is a duplicate of the handle on SRM2, and add the check result into an initial moving response returned to SRM agent 1. If no handle is sent by SRM agent 1 in S308, SRM agent 2 may generate a handle automatically which is different from other handles existent locally, and may return the generated handle through the initial moving response.

S310: SRM agent 1 sends a moving request to SRM agent 2. The moving request carries rights information, a REK, and a content identifier correlated to the rights. If SRM agent 1 knows the handle correlated with the rights on SRM2, this handle may be carried in the moving request.

S311: SRM agent 2 authenticates the rights information, deducts the moving rights after the authentication succeeds, and stores the rights into SRM2.

Optionally, SRM agent 1 may check and deduct the moving rights before S310. In this case, SRM agent 2 does not need to deduct the moving rights in step S311.

The third embodiment differs from the first embodiment and the second embodiment in that: A SAC is set between SRM1 and SRM2; the license is moved through the SAC; and a DRM agent is responsible only for forwarding the license. Because the forwarded rights are encrypted through the key negotiated between SRM1 and SRM2, the DRM agent is unable to execute operations for the rights. Therefore, the security of the rights is improved.

However, if SRM1 and SRM2 are incapable of authenticating the rights, the DRM agent may authenticate the rights instead and deduct the moving rights. This operation may be performed in S310, and the prerequisite is that SRM agent 1 or SRM agent 2 notifies the MAC key to the DRM agent.

S301-S306 in FIG. 3 is a process of negotiating the shared key between two SRMs. This process is put forward in an embodiment of the present invention, and is outlined below:

The DRM agent initiates an authentication process to the SRM 1 and obtains the first SRM certificate chain;

the DRM agent initiates an authentication process to the SRM 2, sends the obtained first SRM certificate chain to the second SRM, and obtains the second SRM certificate chain and a second random number from the SRM 2, where the second random number is encrypted through the first SRM public key;

the DRM agent initiates a key exchange process to the SRM 1, sends the second SRM certificate chain and the second random number encrypted through the first SRM public key to the SRM 1, and obtains the first random number encrypted through the second SRM public key from the SRM 1;

the DRM agent initiates a key exchange process to the SRM 2, and sends the first random number encrypted through the second SRM public key to the SRM 2; and

the SRM 1 and the SRM 2 use the first random number and the second random number to determine a shared key.

This process may occur together with the process of negotiating the shared key between the DRM agent and the two SRMs. As shown in FIG. 4, this process includes:

S401: The DRM agent, SRM agent 1, and SRM agent 2 exchange the supported trust anchor with each other.

S402: The DRM agent sends an authentication request to SRM agent 1. The authentication request carries the selected trust anchor and a device certificate chain corresponding to this trust anchor. The DRM agent may select the trust anchor according to the rights to be moved.

S403: SRM agent 1 returns an authentication response. The response message carries an SRM1 certificate chain, and a random number (RNs1d) encrypted through a device public key.

S404: The DRM agent sends a three-party authentication request to SRM agent 2. The three-party authentication request carries the selected trust anchor, a device certificate chain corresponding to this trust anchor, and an SRM1 certificate chain.

S405: SRM agent 2 returns a three-party authentication response. The three-party authentication response carries an SRM2 certificate chain, a random number (RNs2d) encrypted through a device public key, and a random number (RNs2s1) encrypted through an SRM1 public key.

S406: The DRM agent sends a three-party key exchange request to SRM agent 1. The three-party key exchange request carries an SRM2 certificate chain, a random number (RNs2s1) encrypted through an SRM1 public key, and a random number (RNds1) encrypted through an SRM1 public key (the random number may be encrypted through the SRM1 public key after being connected with hash of RNs1d).

S407: SRM agent 1 returns a three-party key exchange response. The three-party key exchange response carries a random number (RNs1s2) encrypted through an SRM2 public key (the random number may be encrypted through the SRM2 public key after being connected with hash of RNs2s1), and optionally carries the hash of the connection value of RNds1 and RNs1d.

S408: The DRM agent sends another three-party key exchange request to SRM agent 2. The another three-party key exchange request carries a random number (RNs1s2) encrypted through an SRM2 public key (the random number may be encrypted through the SRM2 public key after being connected with hash of RNs2s1), and a random number (RNds2) encrypted through the SRM2 public key (the random number may be encrypted through the SRM2 public key after being connected with hash of RNs2d).

S409: SRM agent 2 returns another three-party key exchange response. The another three-party key exchange response may carry hash of the connection value of RNs1s2 and RNs2s1 and hash of the connection value of RNds2 and RNs2d.

By now, a pair of random numbers has been shared between the DRM agent, SRM agent 1, and SRM agent 2, which can generate a key independently by using the shared random number. In this way, when SRM1 moves rights to SRM2, important information such as REK can be encrypted through the key shared with SRM2, and other information can be encrypted through the key shared with the DRM agent, or its integrity can be protected to facilitate DRM agent processing.

The random number submitted by the DRM agent to SRM agent 1 may be the same as the random number submitted by the DRM agent to SRM agent 2. In this way, the three parties can use the shared random number to generate a three-party shared key.

Alternatively, the DRM agent may use RNs1d provided by SRM agent 1 as RNds2, and submit it to SRM agent 2; and use RNs2d provided by SRM agent 2 as RNds1, and submit it to SRM agent 1. In this way, a key shared by the three parties can also be generated.

Currently, when the SRM agent and the DRM agent use the random number to generate a key, they are connected according to the order of RNd and RNs. However, in this solution, in order to ensure consistency of the key, they may be connected according to the transmission order for each pair of random numbers. That is, SRM agent 1 gets connected according to the order of RNs1d and RNds1, and SRM agent 2 gets connected according to the order of RNds2 and RNs2d. On the condition that the consistency of the key is not affected, the key may be generated in other modes.
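The random-number confirmation of S306 and the concatenation-order requirement described above can be shown with a short Python sketch. It is an added example, not part of the patent: the text does not name a hash or key derivation function, so SHA-256 and the HMAC-based derivation with the labels "session" and "mac" are assumptions, the public-key wrapping of RN1 and RN2 is omitted, and all sample values are constructed.

```python
import hashlib
import hmac

# Constructed sample values standing in for RN1 (from SRM agent 2) and RN2 (from SRM agent 1).
RN1 = bytes(range(16))
RN2 = bytes(range(16, 32))


def confirmation(first: bytes, second: bytes) -> bytes:
    """S306: hash of the connection (concatenation) value of the two random numbers."""
    return hashlib.sha256(first + second).digest()


def derive_keys(first: bytes, second: bytes):
    """Derive (session_key, mac_key) from the ordered pair (assumed KDF)."""
    seed = first + second
    return (hmac.new(seed, b"session", hashlib.sha256).digest(),
            hmac.new(seed, b"mac", hashlib.sha256).digest())


def srm2_key_exchange(rn1_own: bytes, rn2_received: bytes):
    """SRM agent 2: derive its keys and build the S306 confirmation value."""
    return derive_keys(rn1_own, rn2_received), confirmation(rn1_own, rn2_received)


def srm1_finish(rn1_received: bytes, rn2_own: bytes, response_hash: bytes):
    """SRM agent 1: accept the keys only if SRM2 confirms the same ordered pair."""
    expected = confirmation(rn1_received, rn2_own)
    if not hmac.compare_digest(expected, response_hash):
        raise ValueError("random-number confirmation failed; abort key setup")
    return derive_keys(rn1_received, rn2_own)


def tag(mac_key: bytes, message: bytes) -> bytes:
    """Integrity tag over a message relayed by the DRM agent."""
    return hmac.new(mac_key, message, hashlib.sha256).digest()


def verify(mac_key: bytes, message: bytes, received_tag: bytes) -> bool:
    return hmac.compare_digest(tag(mac_key, message), received_tag)


def demo():
    keys2, response = srm2_key_exchange(RN1, RN2)
    keys1 = srm1_finish(RN1, RN2, response)

    # Same inputs, opposite connection order: the two sides would not share a key.
    swapped = derive_keys(RN2, RN1)

    # A constructed moving request, altered in transit by the relay.
    request = b"handle=h2;license=lic-001;moves=2"
    t = tag(keys1[1], request)
    altered = request.replace(b"moves=2", b"moves=9")

    return {
        "keys_match": keys1 == keys2,
        "swapped_order_matches": swapped == keys1,
        "request_accepted": verify(keys2[1], request, t),
        "altered_request_accepted": verify(keys2[1], altered, t),
    }


if __name__ == "__main__":
    print(demo())
```
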

In the process of moving rights from SRM1 to SRM2 through the DRM agent, to be on the safe side, SRM1 confirms that SRM2 has received the rights before deleting the rights on SRM1. Specifically, the confirmation information of SRM2 may be an installation information signature affixed with a private key (such as REK), or a result of encrypting the installation information by using a key shared by only SRM1 and SRM2 (REK); or SRM1 submits confirmation information (such as random number) to SRM2, and this confirmation information may be transmitted after being encrypted through the public key of SRM2 or the key shared by SRM1 and SRM2. SRM2 indicates to SRM1 that the confirmation information is received. For example, SRM2 uses a private key to convert the signature or confirmation information in a certain way (such as hash operation or a simple operation of adding 1), and then uses a key shared by SRM1 and SRM2 to encrypt the converted result and returns it.

Described below is a fourth embodiment of the method for sharing a license between SRMs.

In the foregoing solution, the rights are moved between two SRMs through the DRM agent. In some circumstances, the two SRMs may be located in different places, and cannot be connected to the same DRM agent directly, and the rights need to be forwarded by more than one DRM agent. For example, DRM agent 1 obtains the rights from SRM1, moves the rights to DRM agent 2, and indicates to the DRM agent 2 that the rights are directed to SRM2. DRM agent 2 moves the rights to SRM2.

Besides, the rights may be moved between two SRMs through an RI, as outlined below:

The DRM agent 1 obtains a license from the SRM 1 and sends the license to the RI; and

the DRM agent 2 obtains the license from the RI, and sends the license to the SRM 2.

As shown in FIG. 5, the process includes the following detailed steps:

S501: The RI sends a ROAP trigger {SRMROUpload} to DRM agent 1, triggering the device to upload the license on the SRM. The ROAP trigger includes information such as RI identifier and RI URL, and includes a roRequested property of the Boolean type indicating whether the RI requires the SRM to report the rights to be uploaded. If the RI has buffered the delivered license, the value of the roRequested property is “false”; otherwise, the value of the roRequested property is “true”. Optionally, the trigger includes an SRM1 identifier and a license identifier. This step is optional. The subscriber may use a man-machine interface to operate the device to upload the license on SRM1, and the process starts from S502 directly.

S502: DRM agent 1 sends a RightsUpload request message to SRM agent 1. The RightsUpload request message carries a handle that identifies the rights, and a new handle for replacing the handle that identifies the rights. Before S502, DRM agent 1 and SRM agent 1 need to authenticate each other, and a SAC is set up between them.

S503: SRM agent 1 judges whether the new handle is a duplicate of other local handles. If the new handle is not a duplicate, SRM agent 1 replaces the handle that identifies the rights with the new handle, and sets the rights to the unavailable state. SRM agent 1 returns a RightsUpload response message to DRM agent 1. If the new handle is not a duplicate, the RightsUpload response message further carries the rights information, REK, Kmac, timestamp, and signature affixed by SRM agent 1 for {flag indicative of upload, REK, RI identifier, timestamp}.

S504: DRM agent 1 checks whether the RI signature in the rights information and the state information exceed the original rights.

S505: DRM agent 1 sends a SRMROUpload request message to the RI. The SRMROUpload request message not only carries public parameters such as identifier of device 1, RI identifier, nonce, timestamp, and certificate chain of device 1, but also carries upload information:

- RightsObjectContainer part in the rights information obtained from SRM agent 1 (namely, <rights> and <signature> in the license delivered by the original RI) or a result of converting its format. If the RI marks roRequested as “false” in ROAP trigger {SRMROUpload}, this parameter is omissible;
- state information in the rights information obtained from SRM agent 1 if the license has a state;
- REK and Kmac encrypted through an RI public key;
- an SRM1 identifier, SRM1 certificate chain, timestamp in the SRMRightsUpload response message, signature affixed by SRM agent 1 for {flag indicative of upload, REK, RI identifier, timestamp}; and
- a result of performing MAC operation for the foregoing parameters by using Kmac.

DRM agent 1 needs to affix a signature to the parameters in the request message, and sends the request message that carries the signature to the RI.

S506: The RI verifies the parameters in the request message:

- If the request message carries a DRM agent 1 certificate chain, the RI verifies the validity of the certificate chain (which may be implemented through OCSP or CRL), and uses the DRM agent 1 certificate chain in the request message or the DRM agent 1 certificate chain in the local device context of the RI to verify the DRM agent 1 signature in the request message.
- The RI obtains REK and Kmac through decryption, and uses Kmac to verify the MAC value in the request message.
- The RI verifies validity of the SRM1 certificate chain, possibly through OCSP or CRL, and uses the SRM1 certificate chain to verify the validity of the SRM1 signature information.
- The RI verifies whether the timestamp in the request message is earlier than the current time, and whether the timestamp in the SRMRightsUpload response message is earlier than the timestamp in the request message.
- The RI verifies correctness of <rights> and <signature> (if they exist in the request message), and, if the license has a state, the RI verifies whether the state information falls within the original license.
- The RI attempts to use the REK to decrypt the CEK in the <rights> element, and verifies correctness of the REK and the rights.
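The MAC, timestamp-ordering and state checks of S505-S506, as an added Python example that is not part of the patent text. HMAC-SHA256 over sorted JSON, the field names and every value are assumptions constructed for illustration; decryption of REK and Kmac and the certificate-chain and signature checks are taken as already done.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample values; nothing here comes from a real RI or SRM.
KMAC = b"constructed-kmac-for-illustration"
UPLOAD = {
    "rights": {"license_id": "ro-001", "count": 5},  # <rights> as issued by the RI
    "state": {"remaining_count": 3},                 # state information from SRM agent 1
    "srm1_id": "srm-1",
    "srm_timestamp": 1000,                           # timestamp of the upload response
}


def mac_over(kmac, fields):
    """MAC over the upload parameters. HMAC-SHA256 over sorted JSON is an
    assumption; the page only says 'MAC operation ... by using Kmac'."""
    encoded = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(kmac, encoded, hashlib.sha256).hexdigest()


def build_upload_request(upload, kmac, request_ts):
    """DRM agent 1 side of S505 (hypothetical message layout)."""
    return {
        "timestamp": request_ts,
        "upload": copy.deepcopy(upload),
        "mac": mac_over(kmac, upload),
    }


def ri_verify_upload(request, kmac, now):
    """RI side of S506. Returns the names of the failed checks; [] means accept."""
    failures = []
    upload = request["upload"]
    # MAC value in the request, recomputed with the decrypted Kmac.
    if not hmac.compare_digest(mac_over(kmac, upload), request["mac"]):
        failures.append("mac")
    # Request timestamp must be earlier than the current time.
    if not request["timestamp"] < now:
        failures.append("request_timestamp")
    # SRM response timestamp must be earlier than the request timestamp.
    if not upload["srm_timestamp"] < request["timestamp"]:
        failures.append("srm_timestamp")
    # State information must fall within the original license.
    state = upload.get("state")
    if state is not None:
        if not 0 <= state["remaining_count"] <= upload["rights"]["count"]:
            failures.append("state")
    return failures


def demo():
    good = build_upload_request(UPLOAD, KMAC, request_ts=1005)
    tampered = copy.deepcopy(good)
    tampered["upload"]["state"]["remaining_count"] = 5  # changed after the MAC was computed
    inflated = copy.deepcopy(UPLOAD)
    inflated["state"]["remaining_count"] = 9            # more than the 5 uses granted
    stale = build_upload_request(UPLOAD, KMAC, request_ts=990)  # predates the SRM response
    return {
        "good": ri_verify_upload(good, KMAC, now=1010),
        "tampered": ri_verify_upload(tampered, KMAC, now=1010),
        "inflated": ri_verify_upload(
            build_upload_request(inflated, KMAC, 1005), KMAC, now=1010),
        "stale": ri_verify_upload(stale, KMAC, now=1010),
    }


if __name__ == "__main__":
    for name, failed in demo().items():
        print(name, "->", failed or "accepted")
```

The "inflated" case carries a valid MAC, which is why the state comparison against the original `<rights>` is a separate check from the MAC.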

S507: DRM agent 1 sends a RightsRemovalRequest message to SRM agent 1. The message carries a handle that identifies the rights. This handle is the new handle in S502.

S508: SRM agent 1 deletes the rights corresponding to the handle in the RightsRemovalRequest message, and returns a RightsRemovalResponse message that carries the processing result to DRM agent 1.

S509: The RI sends another ROAP trigger {SRMROAcquisition} to DRM agent 2, triggering DRM agent 2 to help SRM2 obtain the uploaded license. This ROAP trigger includes these parameters: RI identifier, RI alias, RI URL, license identifier, license alias, content identifier, and an indication of whether the RI stores the certificate chain of device 2 and SRM2. DRM agent 2 and DRM agent 1 may be the same DRM agent. This step is optional. The subscriber may use a man-machine interface to operate the device to obtain the license in place of SRM2, and the process starts from S510 directly.

S510: DRM agent 2 sends a request for obtaining the license to the RI. The request carries: device 2 identifier, RI identifier, nonce, timestamp, license identifier, SRM2 identifier, certificate chain of device 2, and certificate chain of SRM2. If the trigger indicates that the RI already stores the certificate chain of device 2 or SRM2, the certificate chain does not need to be carried in this request. Before S510, DRM agent 2 and SRM agent 2 need to authenticate each other, and a SAC is set up between them.

S511: The RI returns a license response to DRM agent 2. The response carries: device 2 identifier, RI identifier, nonce, protected license, and RI certificate chain (if the request from DRM agent 2 indicates that DRM agent 2 has stored the RI certificate chain, the RI certificate chain does not need to be carried in this license response). The license may be bound to SRM2, or bound to DRM agent 2, but it is indicated that the license needs to be provided to SRM2.

S512: DRM agent 2 writes the license delivered by the RI into SRM2. If the license is bound to SRM2, DRM agent 2 may send the encrypted connection value of REK and Kmac to SRM agent 2 first, SRM agent 2 sends the connection value to Kmac, and uses the connection value to verify integrity of the license. DRM agent 2 writes the rights and the signature into SRM2. If the license is bound to DRM agent 2, DRM agent 2 obtains the REK through decryption, and writes the REK together with the rights and the signature into SRM2.

In the foregoing process, S507-S508 may occur before, during, or after S509-S512.

In the foregoing embodiments of the method for sharing a license between SRMs, the first embodiment to the third embodiment involve consumption of only one moving right or copying right; in the fourth embodiment, because the RI provides the license for SRM2, no moving right or copying right needs to be consumed. Therefore, the fourth embodiment is also applicable to the scenario of sharing a license between SRMs of the same subscriber. If the sharing rights need to be consumed for sharing of the license between SRMs of the same subscriber, the subscriber incurs losses. Therefore, a solution to sharing a license between SRMs of the same subscriber without consuming sharing rights is provided in an embodiment of the present invention.

Although no moving right is consumed for sharing of a license between the SRMs of the same user, the RI needs to verify that SRM2 and SRM1 belong to a same subscriber. Multiple verification methods are applicable: The RI performs the verification according to the mapping relation between the locally stored SRM identifier and the subscriber identifier, or the RI queries another entity such as subscriber manager, or the RI performs the verification according to the information provided by the subscriber when the subscriber attempts to use the SRM (for example, a password, or an answer to a question).

The subscriber may upload multiple licenses to the RI at a single attempt, or install multiple licenses onto SRM2 at a single attempt. This batch processing mode is especially applicable to the scenario in which the subscriber replaces the SRM card.

The following solution serves as a substitute for the solution to sharing rights between SRMs of the same subscriber: The DRM agent queries the RI about whether SRM1 and SRM2 belong to the same subscriber, and the rights are shared directly, without requiring the RI to re-generate the license.

Overall, the method for sharing a license between SRMs of the same subscriber in an embodiment of the present invention includes:

The DRM agent sends the license obtained from a first SRM to a second SRM after determining that the first SRM and the second SRM belong to the same subscriber.

The fifth embodiment differs from the sixth embodiment in how the DRM agent queries the RI or the subscriber manager about whether the first SRM and the second SRM belong to the same subscriber.

Detailed below are embodiments of the method for sharing a license between SRMs of the same subscriber.

First, the fifth embodiment of the method for sharing a license between SRMs of the same subscriber is described below.

Overall, the process of querying whether the first SRM and the second SRM belong to the same subscriber in the fifth embodiment is:

By sending a query message that carries the identifier of the SRM 1 to the RI or subscriber manage server, the DRM agent queries the subscriber to whom the SRM 1 belongs;

by sending another query message that carries the identifier of the SRM 2 to the RI or subscriber manage server, the DRM agent queries the subscriber to whom the SRM 2 belongs; and the DRM agent checks whether the SRM 1 and the SRM 2 belong to the same subscriber.

As shown in FIG. 6, the process of the fifth embodiment includes the following steps:

S601: The DRM agent shares the rights on SRM1 with SRM 2 of the same subscriber according to a subscriber request, and obtains rights information and a REK from SRM1. Before S601, the DRM agent and SRM agent 1 need to authenticate each other, and a SAC is set up between the DRM agent and SRM agent 1.

S602-S603: The DRM agent queries the RI about the subscriber to whom SRM1 belongs. The query request carries an SRM1 identifier, and the RI returns a response message that carries the subscriber identifier.

S604: The DRM agent checks whether the RI signature in the rights information and the state information exceed the original rights in the rights information, and installs the rights if they do not exceed the original rights. When installing the rights, the DRM agent identifies the unavailable state of the rights, and correlates the rights with the subscriber identifier returned by the RI in S603.

S605: If the sharing operation is a moving operation, the DRM agent instructs SRM1 to delete the rights, as detailed in S105-S106 in FIG. 1.

S606-S607: DRM agent shares the rights with SRM2. Because the rights are bound to the subscriber identifier, the DRM agent queries the RI about the subscriber to whom SRM2 belongs. The query request carries an SRM2 identifier, and the RI returns a response message that carries the subscriber identifier. Before S606, the DRM agent and SRM agent 2 need to authenticate each other, and a SAC is set up between them.

S608: The DRM agent checks whether the subscriber of SRM2 is the same as the subscriber bound to the rights, namely, the same as the subscriber of SRM1. If the subscriber is the same, the DRM agent performs S609; otherwise, it refuses to share the rights with SRM2.

S609: The DRM agent installs the rights onto SRM2, as detailed in S107-S110 in FIG. 1.

S610: If SRM2 installs the rights successfully, the DRM agent deletes the local rights.

Now, the sixth embodiment of the method for sharing a license between SRMs of the same subscriber is described below.

In the fifth embodiment, the DRM agent queries the subscriber of SRM1 and the subscriber of SRM2 respectively and compares the two subscribers; in the sixth embodiment, however, the DRM agent reports the identifier of SRM1 and the identifier of SRM2 to the RI, and the RI compares the two subscribers and returns a comparison result. In this case, the DRM agent does not need to understand details of the subscriber identifier.

Overall, the process of querying the subscriber of the first SRM and the subscriber of the second SRM in the sixth embodiment is:

By sending a query message that carries the identifier of the SRM 1 and the identifier of the SRM 2 to the RI or subscriber manager, the DRM agent checks whether the first SRM and the second SRM belong to the same subscriber; and

the RI or subscriber manager returns a query response to the DRM agent, indicating whether the first SRM and the second SRM belong to the same subscriber.

As shown in FIG. 7, the process of the sixth embodiment includes the following steps:

S701: The DRM agent shares the rights on SRM1 with another SRM of the same subscriber according to a subscriber request, and obtains rights information and a REK from SRM1, as detailed in S102-S103 in FIG. 1. Before S701, the DRM agent and SRM agent 1 need to authenticate each other, and a SAC is set up between the DRM agent and SRM agent 1.

S702: The DRM agent checks whether the RI signature in the rights information and the state information exceed the original rights in the rights information, and installs the rights if they do not exceed the original rights. When installing the rights, the DRM agent identifies the unavailable state of the rights, and correlates the rights with the subscriber of SRM1.

S703: If the sharing operation is a moving operation, the DRM agent instructs SRM1 to delete the rights, as detailed in S105-S106 in FIG. 1.

S704-S705: DRM agent shares the rights with SRM2. Because the rights are bound to the subscriber of SRM1, the DRM agent queries the RI about whether SRM1 and SRM2 belong to the same subscriber. The query request carries the identifier of SRM1 and the identifier of SRM2. The RI checks whether the subscriber correlated with SRM1 is the same as the subscriber correlated with SRM2, and returns a check result through a response message. If the result shows that SRM1 and SRM2 belong to the same subscriber, the DRM agent performs S706; otherwise, the DRM agent refuses to share the rights with SRM2. Before S704, the DRM agent and SRM agent 2 need to authenticate each other, and a SAC is set up between them.

S706: The DRM agent installs the rights onto SRM2, as detailed in S107-S110 in FIG. 1.

S707: If SRM2 installs the rights successfully, the DRM agent deletes the local rights.

In the sixth embodiment, the DRM agent obtains the license from SRM1 first, and then queries the RI about whether SRM1 and SRM2 belong to the same subscriber. If the destination SRM is already determined when the subscriber initiates the sharing, optionally, the DRM agent queries the RI about whether SRM1 and SRM2 belong to the same subscriber first, and then obtains the license from SRM1. Besides, the DRM agent may check whether SRM2 has enough space for installing the rights before deleting the rights on SRM1.
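A small Python model of the two orderings described above for a moving operation (license first as in S701-S707, or RI query first), added here as an illustration and not taken from the patent. The class and method names, the subscriber names and the `move_count` field are hypothetical, and binding the held rights to the SRM1 identifier stands in for "the subscriber of SRM1".

```python
class RightsIssuer:
    """Holds the SRM-to-subscriber mapping and answers the S704-S705 query."""

    def __init__(self, owners):
        self.owners = dict(owners)  # SRM identifier -> subscriber (constructed)

    def same_subscriber(self, srm1_id, srm2_id):
        first = self.owners.get(srm1_id)
        return first is not None and first == self.owners.get(srm2_id)


class Srm:
    def __init__(self, srm_id, rights=None):
        self.srm_id = srm_id
        self.rights = dict(rights or {})  # handle -> rights information


class DrmAgent:
    def __init__(self, ri):
        self.ri = ri
        self.held = {}  # handle -> rights installed locally in the unavailable state

    def take(self, srm1, handle):
        # S701-S703: obtain the rights, install them as unavailable and bound
        # to SRM1's subscriber, then have SRM1 delete them (moving operation).
        self.held[handle] = {
            "rights": srm1.rights[handle],
            "bound_to": srm1.srm_id,
            "state": "unavailable",
        }
        del srm1.rights[handle]

    def deliver(self, srm2, handle):
        # S706-S707: install onto SRM2, then delete the local rights.
        srm2.rights[handle] = self.held.pop(handle)["rights"]

    def move_license_first(self, srm1, srm2, handle):
        self.take(srm1, handle)
        if not self.ri.same_subscriber(srm1.srm_id, srm2.srm_id):
            return "rejected"  # the rights stay with the agent, unavailable
        self.deliver(srm2, handle)
        return "moved"

    def move_query_first(self, srm1, srm2, handle):
        if not self.ri.same_subscriber(srm1.srm_id, srm2.srm_id):
            return "rejected"  # SRM1 has not been touched
        self.take(srm1, handle)
        self.deliver(srm2, handle)
        return "moved"


def run(order, dest_id):
    """Run one move and report (outcome, where the rights are, move_count)."""
    ri = RightsIssuer({"srm-1": "alice", "srm-2": "alice", "srm-3": "bob"})
    srm1 = Srm("srm-1", {"h1": {"license_id": "ro-001", "move_count": 1}})
    srm2 = Srm(dest_id)
    agent = DrmAgent(ri)
    outcome = getattr(agent, order)(srm1, srm2, "h1")
    if "h1" in srm1.rights:
        where, rights = "srm1", srm1.rights["h1"]
    elif "h1" in srm2.rights:
        where, rights = "srm2", srm2.rights["h1"]
    else:
        where, rights = "agent", agent.held["h1"]["rights"]
    return outcome, where, rights["move_count"]


if __name__ == "__main__":
    for order in ("move_license_first", "move_query_first"):
        for dest in ("srm-2", "srm-3"):
            print(order, dest, run(order, dest))
```

In every run the `move_count` stays at 1, matching the point that same-subscriber sharing consumes no sharing right; the two orderings differ only in where the rights sit after a rejection.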

In the foregoing two embodiments of the method for sharing a license between the SRMs that belong to the same subscriber, the DRM agent queries the RI about the subscriber to whom the SRM belongs. If the RI is unaware of the subscriber to whom the SRM belongs, the DRM agent may need to query another entity such as subscriber manage server about the subscriber to whom the SRM belongs. Alternatively, the DRM agent queries the entity that manages the relations between the SRM and the subscriber (such as subscriber manager) directly about the subscriber to whom the SRM belongs.

In the foregoing two embodiments of the method for sharing a license between the SRMs that belong to the same subscriber, it is assumed that SRM1 and SRM2 are connected with the same DRM agent. In some circumstances, the two SRMs are located in different places and cannot be connected to the same DRM agent, and the rights need to be forwarded by more than one DRM agent. For example, FIG. 6 is modified in that two DRM agents exist: DRM agent 1 connected to SRM1 and DRM agent 2 connected to SRM2. Specifically, DRM agent 1 queries the subscriber of SRM1, and, when moving the license to DRM agent 2, specifies that the rights can be shared only with the SRM of this subscriber. DRM agent 2 determines that SRM2 belongs to the same subscriber before installing the rights onto SRM2. Alternatively, after determining that SRM1 and SRM2 belong to the same subscriber, DRM agent 1 shares the license with DRM agent 2 and specifies that the license is finally shared with SRM2, and then DRM agent 2 installs the rights onto SRM2. Alternatively, the DRM agent shares the license with DRM agent 2 and specifies that the license is shared with the SRM that belongs to the same subscriber of SRM1. After determining that SRM1 and SRM2 belong to the same subscriber, the DRM agent installs the rights onto SRM2. FIG. 7 is modified in the following way: DRM agent 1 queries the RI about the subscriber of SRM1 and the subscriber of SRM2; after the RI determines that SRM1 and SRM2 belong to the same subscriber, DRM agent 1 shares the license with DRM agent 2, and DRM agent 2 installs the rights onto SRM2. Alternatively, DRM agent 1 shares the license with DRM agent 2, and DRM agent 2 queries the RI about the subscriber of SRM1 and the subscriber of SRM2; after the RI determines that SRM1 and SRM2 belong to the same subscriber, DRM agent 2 installs the rights onto SRM2.

Evidently, in the fifth embodiment and the sixth embodiment, the license is shared between two SRMs of the same subscriber without consuming the sharing rights, and the subscriber's rights are protected.

In conclusion, when the subscriber initiates sharing of a license between two SRMs, the device may judge whether the two SRMs belong to the same subscriber: if they belong to the same subscriber, the license is shared directly without checking the sharing rights, as illustrated in the fifth embodiment and the sixth embodiment; if they belong to different subscribers, the device checks the sharing rights and deducts one right of sharing the license, as illustrated in the first embodiment and the second embodiment.

Corresponding to the method embodiments above, various apparatuses are provided herein.

The first apparatus provided herein refers to DRM agent or a functional entity located in the DRM agent. The apparatus performs the functions of the DRM agent shown in FIG. 1 or FIG. 2. As shown in FIG. 8, the apparatus includes:

an obtaining unit 801, configured to obtain the license from a first SRM;

a forwarding setting unit 802, configured to set the license obtained by the obtaining unit 801 to a forwarding state;

a sending unit 803, configured to send the license obtained by the obtaining unit 801 to a second SRM; and

a controlling unit 804, configured to deduct one right of sharing the license.

Preferably, the apparatus further includes:

a deletion requesting unit 805, configured to request the first SRM to delete the license; and

a deletion response receiving unit 806, configured to receive a license deletion response returned by the first SRM.

The second apparatus provided herein refers to DRM agent or a functional entity located in the DRM agent. The apparatus performs the functions of the DRM agent shown in FIG. 3. As shown in FIG. 9, the apparatus includes: an SRM interacting unit 901, configured to trigger a first SRM and a second SRM to perform key negotiation; and a forwarding unit 902, configured to forward the license of the first SRM to the second SRM.

The third apparatus provided herein refers to the first SRM or a functional entity located in the first SRM. The apparatus performs the functions of SRM1 shown in FIG. 3. As shown in FIG. 10, the apparatus includes:

a key negotiating unit 1001, configured to perform key negotiation with the second SRM;

a processing unit 1002, configured to encrypt partial information or complete information of the license by using a shared key negotiated with the second SRM; and

a sending unit 1003, configured to send the license to the second SRM.

Preferably, the apparatus further includes: a deleting unit 1004, configured to delete the local license after confirming that the second SRM receives the license.

The fourth apparatus provided herein refers to the second SRM or a functional entity located in the second SRM. The apparatus performs the functions of SRM2 shown in FIG. 3. As shown in FIG. 11, the apparatus includes:

a key negotiating unit 1101, configured to perform key negotiation with a first SRM;

a receiving unit 1102, configured to receive the license sent by the first SRM; and

a rights deducting unit 1103, configured to deduct one operation right after the receiving unit 1102 receives a correct license.

The fifth apparatus provided herein refers to RI or subscriber manager, or a functional entity located in the RI or subscriber manager. The apparatus performs the functions of the RI shown in FIG. 5. As shown in FIG. 12, the apparatus includes:

an obtaining unit 1201, configured to obtain the license of a first SRM from a first DRM agent; and

a sending unit 1202, configured to: send the license to a second DRM agent, and submit the license to a second SRM through the second DRM agent.

The sixth apparatus provided herein refers to DRM agent or a functional entity located in the DRM agent. The apparatus performs the functions of the DRM agent shown in FIG. 6 or FIG. 7. As shown in FIG. 13, the apparatus includes:

a determining unit 1301, configured to determine whether a first SRM and a second SRM belong to the same subscriber;

an obtaining unit 1302, configured to obtain the license from the first SRM if the determining unit 1301 determines that the first SRM and the second SRM belong to the same subscriber; and

an executing unit 1303, configured to send the license obtained by the obtaining unit 1302 to a second SRM.

It should be noted that the embodiments above suppose that the license is shared between two SRMs. Undoubtedly, persons skilled in the art understand that the embodiments of the present invention are applicable to sharing of a license between three or more SRMs. The embodiments of the present invention are also applicable to sharing a license on an SRM of one DRM agent with another DRM agent.

Persons of ordinary skill in the art understand that all or part of the steps of the method in the embodiments of the present invention may be implemented by a program instructing relevant hardware. The program may be stored in a computer readable storage medium. When the program runs, the corresponding steps in the foregoing method are performed. The storage medium may be ROM/RAM, magnetic disk, or CD-ROM.

Although the invention is described through some exemplary embodiments, the invention is not limited to such embodiments. It is apparent that those skilled in the art can make modifications and variations to the invention without departing from the spirit and scope of the invention. The invention is intended to cover the modifications and variations provided that they fall in the scope of protection defined by the following claims or their equivalents.

1. A method for sharing a license between Secure Removable Media (SRM), comprising: obtaining, by a Digital Rights Management (DRM) agent, the license from a first SRM, and setting the license to a forwarding state locally; deducting, by the DRM agent, one right of sharing the license; and sending, by the DRM agent, the license to a second SRM.

2. The method of claim 1, wherein: sharing of the license is copying of the license or moving of the license, and sharing of rights is copying of the rights or moving of the rights; when sharing of the license is moving of the license, the method further comprises: triggering, by the DRM agent, the first SRM to delete the license; when the sharing of the license is copying of the license, the deducting of one right of sharing the license by the DRM agent comprises: deducting, by the DRM agent, one right of copying of the license on the first SRM, wherein the license sent by the DRM agent to the second SRM does not comprise the copying right; or, deducting, by the DRM agent, one right of copying of the license sent to the second SRM, and deducting all rights of copying the license on the first SRM.

3. The method of claim 1, further comprising: keeping, by the DRM agent, a log in the forwarding process, wherein the log comprises at least one of an operation type, a current state, a license identifier, an identifier of the first SRM, a first handle on the first SRM corresponding to the license, an identifier of the second SRM, and a second handle on the second SRM corresponding to the license; when the sharing of the license is interrupted, the method further comprises: continuing, by the DRM agent, sending the license to the second SRM according to the log; or, recovering, by the DRM agent, the license on the first SRM according to the log.

4. The method of claim 1, wherein the sending of the license by the DRM agent to the second SRM comprises: forwarding, by the DRM agent, the license to the second SRM through another DRM agent.

5. A method for sharing a license, comprising: triggering, by a Digital Rights Management (DRM) agent, a first Secure Removable Medium (SRM) and a second SRM to negotiate a shared key; encrypting, by the first SRM, partial or complete information of the license by using the shared key; and sending the license to the second SRM.

6. The method of claim 5, wherein: before the first SRM sends the license to the second SRM, the method further comprises: performing, by the first SRM, integrity protection for partial or complete information of the license by using the shared key.

7. The method of claim 5, wherein: after the first SRM sends the license to the second SRM, the method further comprises: authenticating, by the second SRM, the license, and deducting one right of sharing the license after the authentication succeeds.

8. The method of claim 5, wherein: before the first SRM sends the license to the second SRM, the method further comprises: deducting, by the first SRM, one right of sharing the license.

9. The method of claim 5, wherein the sending of the license by the first SRM to the second SRM comprises: sending, by the first SRM, the license to the second SRM through the DRM agent; and authenticating, by the DRM agent, the license in a forwarding process, and deducting one right of sharing the license.

10. The method of claim 5, wherein the triggering, by the DRM agent, the first SRM and the second SRM to negotiate the shared key comprises: initiating, by the DRM agent, an authentication process to the first SRM, and obtaining a first SRM certificate chain; initiating, by the DRM agent, an authentication process to the second SRM, sending the obtained first SRM certificate chain to the second SRM, and obtaining a second SRM certificate chain and a second random number from the second SRM, wherein the second random number is encrypted through a first SRM public key; initiating, by the DRM agent, a key exchange process to the first SRM, sending the second SRM certificate chain and the second random number encrypted through the first SRM public key to the first SRM, and obtaining a first random number encrypted through a second SRM public key from the first SRM; initiating, by the DRM agent, a key exchange process to the second SRM, and sending the first random number encrypted through the second SRM public key to the second SRM; and using, by the first SRM and the second SRM, the first random number and the second random number to determine the shared key.

11. A method for sharing a license, comprising: sending, by a first Digital Rights Management (DRM) agent, the license to a Rights Issuer (RI) after obtaining the license from a first Secure Removable Medium (SRM); obtaining, by a second DRM agent, the license from the RI; and sending, by a second DRM agent, the license to a second SRM.

12. The method of claim 11, wherein: before the second DRM agent obtains the license from the RI, the method further comprises: generating, by the RI, a license bound to the second SRM according to the license obtained from the first SRM.

13. The method of claim 11, wherein: before the second DRM agent obtains the license from the RI, the method further comprises: verifying, by the RI, that the first SRM and the second SRM belong to the same subscriber.

14. A method for sharing a license, comprising: sending, by a Digital Rights Management (DRM) agent, the license obtained from a first Secure Removable Medium (SRM) to a second SRM after determining that the first SRM and the second SRM belong to a same subscriber.

15. The method of claim 14, wherein the determining that the first SRM and the second SRM belong to the same subscriber by the DRM agent comprises: sending, by the DRM agent, a query message that carries an identifier of the first SRM to the RI or a subscriber manage server to query a subscriber to whom the first SRM belongs; sending, by the DRM agent, a query message that carries an identifier of the second SRM to the RI or a subscriber manager to query a subscriber to whom the second SRM belongs; and verifying, by the DRM agent, whether the first SRM and the second SRM belong to the same subscriber; or, sending, by the DRM agent, a query message that carries the identifier of the first SRM and the identifier of the second SRM to the RI or subscriber manage server to verify whether the first SRM and the second SRM belong to the same subscriber; and returning, by the RI or the subscriber manage server, a query response to the DRM agent, indicating whether the first SRM and the second SRM belong to the same subscriber.

16. An apparatus for sharing a license, comprising: an obtaining unit, configured to obtain the license from a first Secure Removable Medium (SRM); a forwarding setting unit, configured to set the obtained license to a forwarding state; a sending unit, configured to send the obtained license to a second SRM; and a controlling unit, configured to deduct one right of sharing the license.

17. The apparatus of claim 16, further comprising: a deletion requesting unit, configured to request the first SRM to delete the license; and a deletion response receiving unit, configured to receive a license deletion response returned by the first SRM.

18. An apparatus for sharing a license, comprising: a Secure Removable Media (SRM) interacting unit, configured to trigger a first SRM and a second SRM to perform key negotiation; and a forwarding unit, configured to forward the license of the first SRM to the second SRM.

19. An apparatus for sharing a license between a first Secure Removable Media (SRM) and a second SRM, located in the first SRM, comprising: a key negotiating unit, configured to perform key negotiation with the second SRM; a processing unit, configured to encrypt partial information or complete information of the license by using a shared key negotiated with the second SRM; and a sending unit, configured to send the license to the second SRM.

20. The apparatus of claim 19, further comprising: a deleting unit, configured to delete a local license after confirming that the second SRM receives the license.